Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Hypertext Transfer Protocol (HTTP) traffic.

Select the fourth packet, which is the first HTTP packet and labeled GET /.

Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / Transmission Control Protocol / Hypertext Transfer Protocol frame. Also notice that the Ethernet II, Internet Protocol Version 4, and Transmission Control Protocol values are consistent with the TCP connection analyzed in Activity 3.

Expand Hypertext Transfer Protocol to view HTTP details.

Observe the GET request, Host, Connection, User-Agent, Referer, Accept, and Cookie fields. This is the information passed to the HTTP server with the GET request.

Observe the traffic captured in the top Wireshark packet list pane.

Select the fifth packet, labeled TCP ACK. This is the server TCP acknowledgement of receiving the GET request.

Select the next packet, labeled TCP segment of a reassembled PDU. Notice that because the server response is longer than the maximum segment size (MSS), the response has been split into several TCP segments.
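
The segmentation described above can be reproduced outside Wireshark. The following is an added example, not part of the original activity: it rebuilds an HTTP response from TCP segments by sequence number and only dissects it once the headers are complete, which is why the intermediate packets carry the "TCP segment of a reassembled PDU" label. The response, the 32-byte segment size, and the function names are constructed for illustration, and sequence number wraparound is ignored.

```python
# Added example; the response and its 32-byte "MSS" are constructed sample data.
BODY = b"<html>" + b"A" * 40 + b"</html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
MSS, FIRST_SEQ = 32, 1
SEGMENTS = [(FIRST_SEQ + i, RESPONSE[i:i + MSS])
            for i in range(0, len(RESPONSE), MSS)]


def reassemble(segments, first_seq):
    """Rebuild the byte stream from (seq, payload) pairs.

    Tolerates out-of-order arrival and retransmitted or overlapping data.
    Stops at the first gap: bytes after a hole cannot be dissected yet.
    """
    stream = bytearray()
    next_seq = first_seq
    for seq, payload in sorted(segments):
        if seq > next_seq:            # a segment is missing before this one
            break
        skip = next_seq - seq         # bytes already received
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)


def parse_http_response(stream):
    """Return (status, headers, body, complete), or None until headers end."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None                   # header block still spread over segments
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return status, headers, body[:length], len(body) >= length


if __name__ == "__main__":
    # Segments delivered in reverse order, with the first one retransmitted.
    arrived = list(reversed(SEGMENTS)) + [SEGMENTS[0]]
    status, headers, body, complete = parse_http_response(
        reassemble(arrived, FIRST_SEQ))
    print(len(SEGMENTS), "segments ->", status, headers, len(body), complete)
```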